S

SACL

System access control list

A part of the NT security descriptor for an object, used to maintain per object auditing information. See also security descriptor, ACE, and ACL.

SAM

Security Account Manager

An integral subsystem that maintains a database of information on user accounts, including passwords, any account groups a given user belongs to, the access rights each user is allowed, and any special privileges a given user has.

SCSI

Small computer standard interface (pronunciation: “scuzzy”)

NT SCSI drivers are assumed to comply with the ANSI SCSI-II standard. In addition, NT supplies an OS-specific SCSI port driver, implemented as a dynamic-link library, and several device-type-specific class drivers, together with defined interfaces to HBA-specific SCSI miniport drivers and additional class drivers.

ScsiPort routines

An interface to HBA-specific miniport drivers exported by the system-supplied SCSI port driver. SCSI miniport drivers call these routines to obtain all OS-specific, system support they need to carry out I/O operations.

Drivers of nonSCSI mass-storage devices, implemented as a pseudoSCSI miniport, also can use this interface.

section object

A user-mode object type, representing a memory entity that can be mapped onto a range of virtual addresses in a process’s address space. Note that creating or opening a section object does not allocate physical memory. See also view.

An opened section object can be either:

·File-backed – The original entity resides as a file on a disk.

·Page-backed – The original entity resides either in a paging file controlled by the Memory Manager or (wholly or partially) in physical memory where storage is page-granular and the page size is microprocessor-dependent.

Unnamed sections are not sharable, but a view into an unnamed section can be mapped through the creating process’s handle. Named sections are shareable. All sections are inheritable by child processes.

security descriptor

A data structure used to hold per-object security information, including the object’s owner, group, protection attributes, and audit information. See also ACE, ACL, SACL, and SID.

security violation

A user-mode (protected subsystem) attempt to access an object by passing its handle to a system service without having the correct, granted access rights for the requested operation. See also ACE and ACL.

Note that the Security component does not check the access rights on object handles used by kernel-mode code. However, the I/O Manager and network server driver can force a security access check on object handles.

SEH

Structured exception handling

A feature of the NT system, which supports control transfers to exception handlers when certain runtime exceptions occur. The system traps the following general kinds of exceptions:

1.Hardware-defined faults or traps, such as,

·Access violations (see also access violation)

·Data-type misalignments (such as a 16-bit entity aligned on an
odd-byte boundary)

·Illegal and privileged instructions

·Invalid lock sequences (attempting to execute an invalid sequence of
instructions within an interlocked section of code)

·Integer divides by zero and overflows

·Floating-point divides by zero, overflows, underflows, and reserved
operands

·Breakpoints and single steps (to support debuggers)

2.System software-defined exceptions, such as,

·Guard-page violations (attempting to load or store data from or to a
location within a guard page)

·Page read errors (attempting to read a page into memory and
encountering a concurrent I/O error)

·Paging file quota exceeded (attempting to commit backing store for a
page currently being removed from a process’s working set).

NT supplies standard exception handlers for data-type alignment faults and for ANSI/IEEE Std 754-1985 floating-point faults.

Both user-mode and kernel-mode code can set up custom exception handlers using the except, try, and finally constructs supplied by system-compatible C compilers and supported by the RtlXxx (Runtime Library). An exception handler can be associated with each call frame in the function-call hierarchy of a program. A CONTEXT record contains the register state for each exception handler. See also Rtl routines.

semaphore object

A user-mode semaphore gates access to resources, allowing some maximum number of threads, as specified when the semaphore object was created, to access the resources protected by the semaphore.

Each user-mode semaphore also has an associated current count, representing how many additional threads can acquire the semaphore. When the current count is zero, a thread attempting to acquire the semaphore waits until the count is incremented when another thread releases that semaphore. Every user-mode semaphore object is implemented through the use of a kernel-mode semaphore object.

A kernel-mode semaphore is an instance of a Kernel-defined dispatcher object type.

Any semaphore object has either of two uses:

·A counting semaphore gates access to a resource by allowing some number of threads up to a specified limit to access the resource while the semaphore is set to the Signaled state (semaphore count is nonzero).

·A binary semaphore gates access to a single resource, if and only if the limit is set to one and it is not possible for the semaphore to be over-Signaled (set to the Signaled state when it is already in the Signaled state). A binary semaphore gates exclusive access to a resource.

However, using a semaphore with a limit of one to gate access is not the same thing as using a mutex: semaphores have no ownership, deadlocks are possible, and the owner’s priority is unaffected.

server

(1) A process with one or more threads that accept requests from client processes. See also client/server model.

(2) Any file system driver that provides remote access to files, named pipes, comm devices, and/or print devices.

Session Manager

An integral subsystem that starts and keeps track of NT logon sessions and serves as an intermediary between protected subsystems.

SFD

SCSI filter driver

An add-on driver that is layered above an existing SCSI class driver. An SFD intercepts requests for a particular SCSI peripheral device that has special features (not shared by other SCSI devices of its class), or that does not accept standard SCSI-II CDBs, in order to set up device-specific requests.

SID

Security identifier

A value, unique across time and space, that identifies a process in the Security system. SIDs can either identify an individual process, usually containing a user’s logon identifier, or a group of processes.

Signaled

One of two possible states for Kernel-defined dispatcher objects, which support synchronization. When the Kernel sets such an object to the Signaled state, any threads waiting on the object are released from their wait and become eligible for execution.

single-byte coding scheme

A character encoding scheme, such as ASCII, that uses a byte to represent each character. See also Unicode.

SMP machine

Symmetric multiprocessor machine

See multiprocessor machine.

spin lock

A spin lock is a low-level, synchronization mechanism defined by the NT Kernel. An NT driver or any other kernel-mode component that runs at raised IRQL can use a spin lock to synchronize access to a shared resource, particularly in a multiprocessor machine.

When one routine holds a spin lock, a second routine running on another processor cannot access the resource protected by that spin lock until it acquires the lock. While a routine attempts to acquire a spin lock, it cannot carry out other operations (it “spins”) until the lock has been acquired.

All operations involving system-defined spin locks are IRQL-specific to help prevent deadlocks. An interrupt spin lock can only be acquired while executing at a DIRQL of the associated interrupt object(s). An executive spin lock can only be acquired while executing at the highest IRQL (usually DISPATCH_LEVEL) of any routine that can acquire that executive spin lock.

SRB

SCSI request block

An NT-defined structure, used to communicate I/O requests from a SCSI class driver to the NT port driver, which relays such requests to appropriate HBA-specific miniport drivers. Pseudominiport drivers of nonSCSI mass-storage devices, which link themselves with the NT SCSI port driver and rely on a SCSI class driver for the same type as their device(s), translate the information in SRBs into device-specific commands.

stream file object

A virtual file representing on-disk data associated with a file, some of which might not be part of the physical file that backs a file object. For example, a stream file object makes it possible to cache the EAs or ACL for a file object together with the file’s data. FS-created stream file objects also make it possible to cache a copy of the on-media metadata describing the contents of each FS-mounted volume. See also volume file.

stripe driver

(a.k.a. “RAID driver”)

An intermediate driver whose job is to get better performance for file accesses than the underlying disk driver can. A stripe driver is layered somewhere between the FSD and a disk device driver. It distributes pieces of each file over a set of partitions concurrently, thereby cutting down on synchronous read/write time for the file.

The system-supplied fault tolerant disk driver, ftdisk, is a (RAID5) stripe driver.

subject

The combination of a (security) token and of an associated program that may use system services. See also token.

supervisor mode

See kernel mode.

SVGA

Super VGA

A video adapter with special features, such as support for high-resolution modes or additional colors, that is also VGA-compatible.

symbolic link

(1) An instance of the symbolic link object type, representing a “soft alias” that equates one name to another within the NT Object Manager’s name space.

(2) A file object with special properties. When a symbolic link file is encountered as a component of a pathname, rather than opening the file itself, the file system is redirected to a target file.

Note that the I/O Manager does not actually use a symbolic link object to implement symbolic link files; it uses a file object.

symbolic link object

An instance of a type defined by the Object Manager, used to translate a reference to one named object into a different name.

system paging file

A system file containing the contents of paged pool allocations that are currently paged out to backing store. See also pool memory and paging file.

system services

The set of native, user-mode routines exported by the executive for use only by Windows NT protected subsystems. Each system service has a name of the form TwoLettersXxxYyy where:

·TwoLetters is the prefix for all system services.

·Xxx is usually a verb, describing the operation of a given service.

·Yyy is generally the object type the service operates on.

See also Zw routines.

system space

See kernel space.

system worker threads

A set of kernel-mode threads provided by the NT Executive Support component that NT drivers, particularly FSDs, use to get work done within a nonarbitrary thread/process context. Such a driver sets up a work queue item with a driver-supplied callback routine that is queued to be run when a system worker thread is dispatched for execution by the Kernel. See also FSP and thread object.